MALICIOUS
152
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF contains a link to a known malicious redirector, which is designed to lead users to further malicious content. The document body, though heavily obfuscated, contains text that appears to be a lure for a movie trailer, likely to entice clicks on the malicious link. The presence of numerous external PDF links also suggests a link farm, a common tactic for SEO poisoning or distributing malicious content.
Machine Learning
- Nyx PDF Classifier malicious score 0.9991
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://cctraff.ru/strik?keyword=dead+in+5+heartbeats+trailer
- https://wetuxabo.weebly.com/uploads/1/3/0/8/130873937/xitukil.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- https://uploads.strikinglycdn.com/files/623868ce-dda1-44c5-bf4e-83c788bf78c4/zutijusazidi.pdf
- https://uploads.strikinglycdn.com/files/2aae7420-556b-407c-a4aa-db3393df913f/roleviseva.pdf
- https://uploads.strikinglycdn.com/files/5caeaa01-e431-4ce1-9b3a-e30d9e67d935/4605497553.pdf
- https://uploads.strikinglycdn.com/files/91179647-d70f-4097-9cdb-3c8d30674832/87494949500.pdf
- https://uploads.strikinglycdn.com/files/bf6f5929-dab7-4752-8bd8-54b6ad44740a/75242695146.pdf
- https://uploads.strikinglycdn.com/files/2ca6a29f-f4a1-4862-ae0f-5388d4677527/94998051688.pdf
- https://uploads.strikinglycdn.com/files/7f2f3033-7e9d-49cc-b953-707d2fc3f584/90970636209.pdf
- https://uploads.strikinglycdn.com/files/1caa38d5-768e-4d48-9be5-9c9b40595d63/mukatunegof.pdf
- https://s3.amazonaws.com/peveziwoguxuzam/dulce_et_decorum_est_analysis_line_by_line.pdf
- https://s3.amazonaws.com/moxekibupuru/46160796338.pdf
- https://uploads.strikinglycdn.com/files/9b8855a5-547f-44d6-9618-1c6f40248a49/womem.pdf
- https://uploads.strikinglycdn.com/files/e3261a32-22c7-4ce1-ba95-7c6cb4596db7/bubivazifaropumisuv.pdf
- https://uploads.strikinglycdn.com/files/7438e40f-a93a-4864-9fb8-7bd6b0a85c74/45746263354.pdf
- https://uploads.strikinglycdn.com/files/ac38d78f-d440-41bb-a765-467fd7bae2bc/the_humanure_handbook.pdf
- https://uploads.strikinglycdn.com/files/67f147d3-b4dd-4af9-8a7f-b87096e3351e/suxamuridizunolipusaful.pdf
- http://scripts.sil.org/OFL
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00005a92.binda1f53754664303db1574ab98c003442e3e2bacf951ba14d1ffaf75a8526fa1a |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x5A92 | 12020 bytes |
font_01_sfnt_off00008194.bin5dfe72f525c5d5b00641ab3b03c0c0502768b4d66f4b319337cf9c8d567e56b8 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x8194 | 5176 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.